Site Security Planning

Firewalls

If your Web site is but one of many within your organization, a corporate firewall placed between your intranet and the Internet will partially protect it from intrusion. The firewall protects your intranet or corporate LAN from intrusion, by controlling access from the Internet, or other large network.

Firewalls vary in their approach to providing security. IP packet filtering offers weak security, is cumbersome to manage, and is easily defeated. Application gateways are more secure than packet filters and easier to manage because they only deal with a few specific applications, such as a particular e-mail system. Proxy servers can provide application gateways, safe access for anonymous users, and other services.

Take advantage of the firewall security features that can help you. Your firewall administrator might be able to fine tune the firewall’s access control in order to meet your site’s needs. The best firewalls feature reports all attempts at unauthorized access. Use these reports in your own monitoring efforts.

Do not place sole reliance for Web site security on your corporate firewall. Above all, do not take the effectiveness of your corporate firewall for granted. Among the reasons to resist this temptation:

Firewalls are fallible. They are often breached. The viruses designed to breach firewalls and wreak havoc on your site are called Trojan Horses for good reason: they get past the gate (the firewall).
Firewalls are subject to constant technological change. As your organization upgrades its firewall, the firewall security scheme might change. Do you know what the new scheme entails? Does it meet your needs?
Firewall security policy changes to meet changing needs. Are the security needs of your site included?

Whatever its security scheme, once the firewall has been breached, you must rely on your own site security measures to defend its resources against intruders.